WordPress websites have become the target of a recent large-scale hacking attempt. More than 90,000 websites and blogs have been affected so far in an attack that began last week. The hackers have combed through WordPress websites in an attempt to gain access via brute force attacks.
In a brute force attack, hackers try to gain access to your site by working through a list of common or easy-to-guess passwords. This tactic would have no effect on most savvy users, but anyone who has left their password as the default, or chosen something such as ‘12345’ or another common password, is definitely at risk.
If your blog is successfully hacked, it will most likely be added to a collection of compromised sites that communicate with one another for online attacks, typically DDoS (distributed denial of service) attacks. This means you may not even notice your site was compromised.
One recommendation that the founder of WordPress (Matt Mullenweg) made on his blog was to NOT USE the default admin username. When they released WordPress 3.0, they added the ability to pick a custom username at installation, which helped reduce the number of people using the default admin username. This definitely helps counter brute force attacks, since the hackers need to guess the username AND the password in order to gain access.
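Because a compromise of this kind can go unnoticed, the web server's access log is one place to look for both the guessing and a guess that worked. The following is an added example, not code from the original post or from WordPress: it assumes the Apache/nginx "combined" log format, WordPress installed at the web root, and that a failed login answers with HTTP 200 while an accepted one answers with a 302 redirect. The function name `scan_login_attempts`, its `threshold` parameter and the sample log are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: Apache/nginx "combined" access-log format, WordPress at the web root.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def scan_login_attempts(log_text, threshold=5):
    """Return (noisy, breached).

    noisy:    {ip: failed_count} for sources with >= threshold failed logins.
    breached: {ip: timestamp} of the first accepted login that followed
              >= threshold failures from the same source.
    """
    failures = defaultdict(int)
    breached = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ip, status = m["ip"], m["status"]
        if status == "200":      # assumption: login form shown again = failed guess
            failures[ip] += 1
        elif status == "302" and failures[ip] >= threshold:
            breached.setdefault(ip, m["ts"])  # assumption: redirect = login accepted
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, breached

def _line(ip, sec, method, path, status):
    # Builds one constructed log line; addresses are from documentation ranges.
    ts = f"01/Jan/2024:10:00:{sec:02d} +0000"
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

# Constructed sample input, not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(6)]
    + [_line("203.0.113.7", 6, "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.20", 7, "POST", "/wp-login.php", 200)]
    + [_line("198.51.100.20", 8, "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.20", 9, "GET", "/wp-admin/", 200)]
)

if __name__ == "__main__":
    print(scan_login_attempts(SAMPLE_LOG))
```

A per-address threshold misses guessing that is spread thinly across many sources, so the total number of failed logins per hour is worth watching as well.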